英文:
How to handle Firestore deletes after 5 minutes from logged in?
问题
在我的应用中,我只允许经过身份验证的用户向Firestore写入数据。我还实现了一个撤销访问的选项,需要两个步骤:
- 从Firestore中删除用户数据
- 删除FirebaseUser对象
有两种情况:
-
我在5分钟之内撤销访问,这意味着用户将从Firestore和Firebase身份验证中删除。
-
我在5分钟之后撤销访问,这意味着用户将从Firestore中删除,但不会从Firebase身份验证中删除,因为它会抛出FirebaseAuthRecentLoginRequiredException异常。如果我改变顺序,首先尝试删除FirebaseUser对象,然后在5分钟内删除用户将从Firebase身份验证中删除,但不会从Firestore中删除,因为由于未经身份验证的用户,规则拒绝了删除操作。
如何解决这个问题?
英文:
In my app, I allow only authenticated users to write data to Firestore. I have also implemented an option to revoke access, which requires 2 steps:
1. Delete user data from Firstore
2. Delete FirebaseUser object.
There are two situations.
-
I revoke the access within 5 minutes, which means that the user is deleted from Firestore as well as from Firebase Authentication.
-
I revoke the access after 5 minutes, which means that the user is deleted from Firestore, but not from Firebase Authentication, as it throws a FirebaseAuthRecentLoginRequiredException. If I change the order, and I try to delete the FirebaseUser object first, then within 5 minutes, the user is deleted from Firebase Authentication, but not from Firestore, because the delete operation is rejected by the rules due to unauthenticated user.
How to solve this issue?
答案1
得分: 1
你可以使用在用户删除时触发函数来从Firestore中删除用户在Firebase身份验证中被删除后的数据(文档)。这将确保即使用户在5分钟内未登录,其数据也会被删除:
import * as functions from "firebase-functions";
import * as admin from "firebase-admin";
admin.initializeApp(); // 管理员SDK初始化
const db = admin.firestore();
// * 当用户被删除时触发
export const onUserDelete = functions.auth
.user()
.onDelete(async (user, context) => {
console.log(user);
const docRef = db.collection("users").doc(user.uid);
await docRef.delete(); // 在用户被删除时从数据库中删除用户数据
console.log("用户数据已被删除");
});
由于此函数在受信任的环境中执行,因此它会绕过安全规则,您可以在这里检查:开始使用Cloud Firestore安全规则:
>注意:服务器客户端库会绕过所有Cloud Firestore安全规则,而是通过Google应用程序默认凭据进行身份验证。如果您使用服务器客户端库、REST或RPC API,请确保为Cloud Firestore设置身份验证和访问管理(IAM)。
如果您认为这太繁琐,您还可以使用删除用户数据 Firebase扩展,这已经是一个经过试验的解决方案,可以自动删除用户在用户被删除时的所有firebase服务中的数据,如实时数据库、Firestore和Firebase存储。
参考资料:Firebase身份验证触发器,删除用户数据扩展
英文:
You can use Trigger a function on user deletion to delete the user's data(document) from Firestore after they have been deleted from Firebase Authentication. This will ensure that the user's data is deleted even if they have not signed in within 5 minutes :
import * as functions from "firebase-functions";
import * as admin from "firebase-admin";
admin.initializeApp(); // Admin SDK initialization
const db = admin.firestore();
// * Triggered on User Deletion
export const onUserDelete = functions.auth
.user()
.onDelete(async (user, context) => {
console.log(user);
const docRef = db.collection("users").doc(user.uid);
await docRef.delete(); // delete user Data from DB on user deletion
console.log("user Data has been Deleted");
});
As this function will execute in the Trusted Environment so it bypasses the security rules which you can check here Get started with Cloud Firestore Security Rules :
>Note : The server client libraries bypass all Cloud Firestore Security Rules and instead authenticate through Google Application Default Credentials. If you are using the server client libraries or the REST or RPC APIs, make sure to set up Identity and Access Management (IAM) for Cloud Firestore.
If you think that this is bulky then you can also use Delete User Data firebase Extension which is already a tried and tested solution for your application. It automatically deletes all the user data from all firebase Services like realtime-database, Firestore and Firebase Storage when the user gets deleted.
References : Firebase Authentication triggers , Delete User Data Extension
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论